A Network Address Translation (NAT) device is commonly used in Internet Protocol (IP) translation and mapping technology. These devices are often used to allow multiple users to gain access to a network via one address. A gateway may map many IP addresses on one side of the NAT device to one IP address (or a small number of IP addresses) on the other side. Using this mapping, a number of hosts each associated with an IP address may exist behind one NAT device, and their network traffic is seen on the other side of the NAT device as coming from a single IP address (or a small number of IP addresses).
The existence of NAT devices on a network has been a challenge to network and security administrators, as it can potentially hide unauthorized hosts, or even entire networks, from network management systems, security systems and administrators. This threat may be made more severe where the NAT device is a wireless router, which can enable a hidden host outside an organization's premises to connect to the network of the organization.
Detection of NAT devices can be difficult because they can be virtually indistinguishable from a host computer. For example, an unauthorized host may connect to the protected network via the NAT device. When the unauthorized host sends a packet to the network, the NAT device replaces the source IP address in that packet with its own IP address. This feature of the NAT device renders the detection of the source of any dubious access or operation to or in the protected network quite difficult.
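To make the many-to-one mapping concrete, the following is an added Python model of a NAT device (not code from the original text). It rewrites each inside host's source address to the single public address and shows that an observer on the outside sees only that one address; all IP addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatDevice:
    """Many-to-one NAT (port address translation): every inside (ip, port) pair is
    rewritten to the one public IP plus a unique public port, and a table remembers
    the mapping so replies can be sent back to the right inside host."""
    public_ip: str
    outbound_map: dict = field(default_factory=dict)   # (inside_ip, inside_port) -> public_port
    inbound_map: dict = field(default_factory=dict)    # public_port -> (inside_ip, inside_port)
    _ports: count = field(default_factory=lambda: count(40000))

    def translate_outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound_map:               # first packet of a new flow: allocate a port
            port = next(self._ports)
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        # The inside source address disappears; only the NAT's own address goes out.
        return Packet(self.public_ip, self.outbound_map[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Replies addressed to the public IP are mapped back; unknown ports are dropped."""
        entry = self.inbound_map.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != self.public_ip:
            return None
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)

def observed_source_ips(packets) -> set:
    """What a monitor outside the NAT sees: the set of distinct source IPs."""
    return {p.src_ip for p in packets}

def simulate(inside_ips, nat: NatDevice, server_ip: str = "198.51.100.5"):
    """Each inside host (constructed private addresses) opens one connection to
    server_ip:443; returns the packets as seen inside and outside the NAT."""
    inside = [Packet(ip, 50000 + i, server_ip, 443) for i, ip in enumerate(inside_ips)]
    outside = [nat.translate_outbound(p) for p in inside]
    return inside, outside
```

Three inside hosts produce three distinct source addresses on the inside and exactly one (the NAT's public address) on the outside, which is why a monitor placed outside the NAT cannot tell how many hosts sit behind it.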